Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
The post explains how to configure untagged port to connect PC.
It applies to Sophos Switch firmware version 1.
In the example, we are going to untag VLAN 200 on Sophos Switch Port9 and Port10 to connect PCs, and tag VLAN 200 on Port1 to connect core switch.
Three steps are required:
- untag VLAN 200 on Port9 and Port10
- configure PVID 200 on Port9 and Port 10
- tag VLAN 200 on Port1
Configuration
untag VLAN 200 on Port9 and Port10
VLAN ID needs to be untagged on egress traffic to PC.
Log on webadmin of Sophos Switch, go to Configure > VLAN settings > 802.1Q, and Add a new VLAN
Add a new VLAN 200, and name it as you prefer.
Then Edit the VLAN 200 we just created
Untag it on Port9 and Port10
configure PVID 200 on Port9 and Port 10
By default, Sophos Switch put ingress traffic without VLAN ID to the default VLAN 1, as explained in Sophos Cloud Switch: PVID https://support.sophos.com/support/s/article/KB-000043521
In another word, by default, Sophos Switch put traffic received from PC to VLAN 1.
To change the behaviour, we need to change PVID on untagged ports.
In Sophos Switch webadmin, go to Configure > VLAN settings > PVID and ingress filter, check Port9 and Port10, and Edit them.
Set PVID to 200 on Port9 and Port10.
tag VLAN 200 on Port1
Tag a VLAN on port is quite straightforward
In webadmin of Sophos Switch, go to Configure > VLAN settings > 802.1Q, Edit VLAN 200
Tag it on Port1
Edited TAGs and disclaimer
[edited by: Erick Jan at 11:59 PM (GMT -8) on 10 Jan 2024]